TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... In December of 2007, Microsoft released seven security bulletins which fixed 11 new security vulnerabilities. TippingPoint and ZDI were credited with discovering a total of four of those vulnerabilities.

DVLabs headed to Vegas

It's that time of year again. Most of our DVLabs team will be in Las Vegas for Black Hat Briefings and DEFCON this week, and a number of us will also be participating. Pedram Amini is currently giving two 2-day courses on Reverse Engineering on Windows. On Wednesday, the first day of Black Hat, ...


Happy Birthday ZDI!

In just one week, the Zero Day Initiative (ZDI) will be celebrating its two year anniversary. In those two years we've achieved a lot of milestones I’m proud of: a community of over 600 researchers, 27 acquired critical Microsoft 0day vulnerabilities, and over 1,000 vulnerability submissions. As part of our rewards system, we’re treating our top researchers to an all expenses paid tri ...


Remembering Five Years of Vulnerability Markets

While compiling some stats this week for our Zero Day Initiative two year anniversary, I came across this recent news article by the Associated Press, Researchers Seek Cash for Software Flaws.  It’s the latest in a long line of media coverage on the launch of a new vulnerability auction site. ...


Step by Step of How TPTI-07-013 was Discovered

So one of our advisories, TPTI-07-013, went out today. The issue is a remote code execution in Borland Interbase 2007. This is an interesting target for us because we accidentally stumbled on it. The story goes like this... I was up late on Wednesday night, as usual since we are all up late on Wednesday nights, and decided to take a look at BakBone NetVault. Upon installing NetVault, I noticed a process listening on T ...


The elephant in the room is under a blanket..

Let's say, for example, that you're a security administrator charged with maintaining a network usage/security policy for your company. Let's go a step further and say that part of this policy is to block the usage of instant messaging and VoIP applications. Let's go one final step further and assume that you actually care about your job and really want to do this and not simply tell your boss you did and then run down to the bar for a drink. "It's easy," you think. "Simply block th ...


Delving into the Gyring World of Botnets

The following lines from William Butler Yeats's poem "The Second Coming" struck me as an apropos introduction to a post on researching botnets: "Turning and turning in the widening gyre / The falcon cannot hear the falconer; / Things fall apart; the centre cannot hold; / Mere anarchy is loosed upon the world, / The blood-dimmed tide is loosed, and everywhere / The ceremony of innocence is drowned; / The best lack all convictions, while the wors ...


Filter 5432 also catches VirusProtectPro

After the release of filter 5432: "Spyware: Malicious Anti-Spyware Program Download" in DV 7336, we received reports of another fake anti-spyware program caught by this filter: VirusProtectPro. This brings the total list of fake anti-spyware caught by this one filter to: AntiVermins, MalwareWipe, SpyCrush, SpyDawn, SpyFalcon, SpyHeal, SpywareQuake (aka SpyQuake2), SpywareStrike, VirusBlast, and VirusProtectPro. This unexpected catch was by design. 5432, like the other fake anti-spyware ...


Sys Admin Magazine Goes Quietly Into That Good Night

Richard Bejtlich gives the heads up that after 15 years, Sys Admin magazine is finally shutting down. Like Richard, I too feel a certain nostalgia for the magazine. I bought my first copy of Sys Admin back in November of 1994, their annual security issue. I was just taking on a student sys admin job in our computer science lab at Tulane. Back then i ...


Greatest Book Dedication Ever?

Not to brag or anything, but who can deny this as the greatest book dedication the world has ever seen: Fuzzing: Brute Force Vulnerability Discovery - Dedication. If you are interested in buying the book: Amazon For ...